📰 Dev.to · BeyondMachines

CPUID's official website was compromised to distribute the STX RAT infostealer through poisoned download links for popular tools like CPU-Z and HWMonitor. The a

OneDigital Investment Advisors report a data breach affecting 28,414 individuals after unauthorized actors exploited a compromise in the Drift chat tool integra

Grand Process Technology, a Taiwanese semiconductor equipment manufacturer, reported a ransomware attack on April 10, 2026.

NYK reported a data breach in its marine fuel procurement system that led to the exfiltration of personal data belonging to employees and business partners. The

Marimo patched a critical RCE vulnerability (CVE-2026-39987) that was exploited within 10 hours of disclosure to steal cloud credentials and SSH keys. The flaw

Aetna reported two data breaches affecting 11,663 individuals caused by a mailing distribution error by a business associate that disclosed member information t

Chevin Fleet Solutions took its FleetWave SaaS platform offline in the UK and US following a cybersecurity incident discovered on April 3, 2026. The company is

New Zealand healthcare provider IntraCare suffered a cyber breach in March 2026, leading to a total IT shutdown, the theft of patient data, and the postponement

A Bellingcat investigation revealed that nearly 800 Hungarian government credentials from 12 ministries were leaked in breach databases due to poor digital hygi

Tulane University reports a data breach exposing employee data after the Cl0p ransomware group exploited a zero-day vulnerability in the Oracle E-Business Suite

A zero-day actively exploited vulnerability in Adobe Reader's JavaScript engine allows attackers to exfiltrate system data and potentially execute remote code v

AP Systems patched a critical vulnerability in its microinverters that allowed remote attackers to inject malicious firmware via MQTT, potentially enabling grid

A Citizen Lab investigation reveals a surveillance system Webloc, now sold by U.S.-based Penlink, exploits mobile advertising data and app SDKs to track the loc

Bitcoin Depot suffered a $3.7 million theft after attackers compromised internal credentials to access corporate settlement accounts and exfiltrate 50.9 Bitcoin

A threat actor claims to have breached MyLovely.AI, an NSFW AI companion platform, and is auctioning a 2.1 GB database that allegedly includes user emails, soci

Google Chrome 147 patches 60 vulnerabilities, including two critical memory corruption flaws in the WebML component that could allow remote code execution. The

Capita reported a data breach affecting 138 members of the UK Civil Service Pension Scheme after a portal error allowed users to view each other's annual benefi

The Los Angeles City Attorney’s Office was hit by a data breach involving 7.7 terabytes of sensitive LAPD records, including officer personnel files and witness

A threat actor known as FlamingChina allegedly stole 10 petabytes of sensitive military and aerospace data from the National Supercomputing Center in Tianjin af

ChipSoft, a Dutch healthcare software provider serving most of the country's hospitals, was hit by a ransomware attack that led to potential unauthorized access

Jones Day, a global law firm, confirmed a phishing attack that compromised dated files belonging to ten clients, while the Silent Ransom Group claimed responsib

Seeing Machines, an Australian transport safety technology firm, confirmed a cybersecurity incident after the Qilin ransomware group listed the company on its d

Snowflake customers suffered data theft after an alleged breach of Anodot, a third-party SaaS integrator. The ShinyHunters group claimed the attack. Anodot has

A critical unauthenticated arbitrary file upload vulnerability in the Ninja Forms – File Upload plugin (CVE-2026-0740) allows attackers to achieve remote code e